CVE-2015-0087

Name of the Vulnerable Software and Affected Versions Windows Server 2003 SP2 Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT Gold and 8.1

Description The Adobe Font Driver in Microsoft Windows allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font. Information disclosure vulnerabilities exist in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. These vulnerabilities are caused when the Adobe Font Driver tries to read or display certain fonts. An attacker could use the vulnerabilities to gain information about the system that could then be combined with other attacks to compromise the system.

Recommendations For Windows Server 2003 SP2, update the Adobe Font Driver to prevent information disclosure. For Windows Vista SP2, update the Adobe Font Driver to prevent information disclosure. For Windows Server 2008 SP2 and R2 SP1, update the Adobe Font Driver to prevent information disclosure. For Windows 7 SP1, update the Adobe Font Driver to prevent information disclosure. For Windows 8, update the Adobe Font Driver to prevent information disclosure. For Windows 8.1, update the Adobe Font Driver to prevent information disclosure. For Windows Server 2012 Gold and R2, update the Adobe Font Driver to prevent information disclosure. For Windows RT Gold and 8.1, update the Adobe Font Driver to prevent information disclosure. As a temporary workaround, consider disabling the use of crafted fonts until a patch is available. Restrict access to the Adobe Font Driver to minimize the risk of exploitation. Avoid using the Adobe Font Driver to read or display certain fonts until the issue is resolved.